WordPress 3.1.4 Security Update Released
Update: Please note that 3.1.4 is an old release of WordPress. You can always download the latest version of the blogging software from the official website.
It seems that WordPress developers have a thing for releasing new versions of WordPress shortly before I'm going to bed. Whenever they do it means that I have to stay away to find out if it fixes security vulnerabilities. If it does, I update all of my blogs immediately. Instead of going to bed, I'm spending between one and two hours updating sites. Not that pleasant.
WordPress 3.1.4. has just been released and the developers refer to it as a security and maintenance upgrade. The new version fixes one known vulnerability that "could allow a malicious Editor-level user to gain further access to the site". If you are running a single author blog you are safe from this.
I'd still recommend to update the blog as soon as possible because of security hardening additions to the blogging platform.
The update is as usually available as a direct download, install and update from within the WordPress admin interface, and as a separate download from the official WordPress website. I have updated a total of five blogs so far - including Ghacks Technology News - and encountered no problems or issues after the update. While it may be to early to tell, it is relatively safe to say that the update won't break the blog.
WordPress admins who are interested in all changes in the WordPress 3.1.4 release find them listed on WordPress trac.
The developers have furthermore released the third and final release candidate of WordPress 3.2 which will be released in the near future. While I would not suggest to update a public blog to that version yet, it is clear that it won't be long until the final version is released. Likely again before my bedtime.
You find additional information about the features and changes in WordPress 3.2 on the official beta announcement post over at the WordPress website.
Have you updated your blogs yet? If so, have you encountered any issues with this update?
If we dont use an editor role would you still suggest updating for security purposes? I try to run a fairly secure site and would welcome any upgrades in that dept, however I dont use the editor role sooooo…..what a hassle to update for nothing….
Bryan, I would update for the security hardening alone.
Hey Martin, out of curiosity, do you have any sort of method you use to streamline the updating of your several WordPress sites? I’m starting to manage several myself and just was wondering if you have any tips for managing several WordPress installations?
Other than keeping track of all blogs and having a directory in my bookmarks that point straight to their admin interfaces? No, nothing. It would obviously very comfortable to push the update to all blogs at once, but this gives me less control over the update. Last night one of the updates failed and I had to re-upload all files manually. I do not know of a solution that can push updates if the sites are hosted on multiple servers.
Well, upcoming WordPress 3.2 has must have updates for each type of WordPress Website even if you are running it stand-alone or with multiple users. If you leave this 3.1.4 and upcoming 3.1.* releases then there is gap between your current version & 3.2. Trying to cover up the gap or just to step up with 3.2 directly without 3.1.* updates may result into risks. The upgrade process may fail subsequently or your blog gets down for few hours until you do clean install with 3.2. Avoid the risks and just give some time to regularly upgrade your WordPress with subsequent releases. And who knows this may save your site from hackers.
Thank’s for share bro…